[SECURITY] Fedora Core 3 Update: ImageMagick-6.2.0.7-2.fc3

From: Matthias Clasen <mclasen redhat com>

To: fedora-announce-list redhat com

Subject: [SECURITY] Fedora Core 3 Update: ImageMagick-6.2.0.7-2.fc3

Date: Wed, 30 Mar 2005 13:43:42 -0500

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-235
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 3
Name : ImageMagick
Version : 6.2.0.7
Release : 2.fc3
Summary : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.
ImageMagick is one of your choices if you need a program to manipulate
and dis play images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.
---------------------------------------------------------------------
Update Information:
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.
A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code in a victims machine if they
are able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.
---------------------------------------------------------------------
* Wed Mar 16 2005 <mclasen redhat com> - 6.2.0.7-2.fc3
- Update to 6.2.0 to fix a number of security issues:
- Drop a lot of upstreamed patches
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
dbbd0c32799bc32658214273037f1942
SRPMS/ImageMagick-6.2.0.7-2.fc3.src.rpm
39ecc49bcdfda64dd2cfaac13b332f42
x86_64/ImageMagick-6.2.0.7-2.fc3.x86_64.rpm
908f8c2f25568cf2340db0a6ae7c5b57 x86_64/ImageMagick-
devel-6.2.0.7-2.fc3.x86_64.rpm
7f5112e7f05c9d4a448f5edeb42b153c x86_64/ImageMagick-
perl-6.2.0.7-2.fc3.x86_64.rpm
039af81133349c933d0de1e1f61f3ba1 x86_64/ImageMagick-c+
+-6.2.0.7-2.fc3.x86_64.rpm
455c2286d9f1ed1e778a5c5e905053cb x86_64/ImageMagick-c++-
devel-6.2.0.7-2.fc3.x86_64.rpm
fe8a3812e6c3fbc8f5016e6eb1d2271a x86_64/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc3.x86_64.rpm
1f8387ff55eee8116b53309fc93e28db
x86_64/ImageMagick-6.2.0.7-2.fc3.i386.rpm
214aee8a27780dee6e5c4a5b8b58ec0e x86_64/ImageMagick-c+
+-6.2.0.7-2.fc3.i386.rpm
1f8387ff55eee8116b53309fc93e28db
i386/ImageMagick-6.2.0.7-2.fc3.i386.rpm
a97fb99dfbcddc4391a351a51d544f14 i386/ImageMagick-
devel-6.2.0.7-2.fc3.i386.rpm
12ceecfa8d7fd51e9e7a0eaf92c2abcf i386/ImageMagick-
perl-6.2.0.7-2.fc3.i386.rpm
214aee8a27780dee6e5c4a5b8b58ec0e i386/ImageMagick-c+
+-6.2.0.7-2.fc3.i386.rpm
1ed8f7ca926e4fd31500f7ee8f767e72 i386/ImageMagick-c++-
devel-6.2.0.7-2.fc3.i386.rpm
1f8756e8c6b5405dad07396eb34bf064 i386/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------